UROP Openings

MIPS Vulnerability Injection

Term:

Summer

Department:

6: Electrical Engineering and Computer Science

Faculty Supervisor:

Martin Rinard

Faculty email:

rinard@csail.mit.edu

Apply by:

June 2020

Contact:

rinard@csail.mit.edu

Project Description

We need to integrate our vulnerability injection system with the OSS-Fuzz
infrastructure (https://github.com/google/oss-fuzz/). OSS-Fuzz uses
Docker containers that have their own version of LLVM installed
to compile the applications and run libFuzzer. We want to change
these Docker containers to use our own version of LLVM (which is
already published in a Docker container) and compile target applications
with our version of DataFlowSanitizer. Since libFuzzer provides its
own `main` function that drives the application-provided entry
point (http://llvm.org/docs/LibFuzzer.html#fuzz-target), we will have
to write our own equivalent `main` function.

Once this infrastructure has been set up, we will want to set up
an automated (and ideally distributed) way to run aikido on all
applications supported by OSS-Fuzz, collect the results, and find places
where our system fails to inject vulnerabilities.
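
One way to write the replacement `main` described above, as an added example rather than the project's own code: it feeds each file named on the command line to `LLVMFuzzerTestOneInput` once. The names `run_one_file` and `sample_bytes_seen` and the stand-in target body are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Entry point that every libFuzzer-style fuzz target exports. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

/* Read one input file and pass its bytes to the fuzz target once.
 * Returns 0 if the target was called, -1 on an I/O or allocation error. */
int run_one_file(const char *path) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    long len = -1;
    if (fseek(f, 0, SEEK_END) == 0) len = ftell(f);
    if (len < 0 || fseek(f, 0, SEEK_SET) != 0) { fclose(f); return -1; }
    /* +1 so an empty file still yields a valid, non-NULL buffer. */
    uint8_t *buf = malloc((size_t)len + 1);
    if (!buf) { fclose(f); return -1; }
    size_t got = fread(buf, 1, (size_t)len, f);
    fclose(f);
    if (got != (size_t)len) { free(buf); return -1; }
    LLVMFuzzerTestOneInput(buf, got);
    free(buf);
    return 0;
}

/* Constructed stand-in target so this file builds on its own. Delete it
 * and link the project's real fuzz target object instead. */
size_t sample_bytes_seen = 0;
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)data;
    sample_bytes_seen += size;
    return 0;
}

/* Replacement for libFuzzer's main: run each file named on the command
 * line through the target exactly once, with no mutation or coverage loop. */
int main(int argc, char **argv) {
    int failed = 0;
    for (int i = 1; i < argc; i++) {
        if (run_one_file(argv[i]) != 0) {
            fprintf(stderr, "could not run input %s\n", argv[i]);
            failed++;
        }
    }
    return failed ? 1 : 0;
}
```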

Pre-requisites

Interest in low-level computer security, the ability to understand the project description, and interest in the project.